PE (Portable Executable) Features

Ability to identify and mark suspicious/important strings
Automated Tagging (signatures, behavior patterns, similarity search)
Calculate .NET GUIDs (Module Version/TypeLib Id)
Calculate Authentihash / verify Authenticode signatures
Calculate entropy of resources
Calculate hashes and entropy of sections/resources
Calculate SSDEEP and Imphash
Decompile Java and .NET files
Detect cryptographic constants
Detect packers, compilers, anomalies, IOCs, and alternative IOCs
Disassemble PE files
Extract embedded files (including PE files), resources, and certificates
Extract strings from files
Integrate with external threat-intelligence services (e.g., VirusTotal)
Malware family detection based on MISP Galaxy keywords
Map IOCs to previously detected threats (prevalence search)
Map UUIDs to known associated files/meta-data
Map findings to the MITRE ATT&CK framework
ML-based similarity search (300+ features)
Parse PDB information
Parse PE compiler metadata (RICH headers)
Parse SFX installer metadata
Support certificate whitelisting
Support custom hash whitelisting
Support integrated whitelists
Support national software reference library (NSRL)
Attempt to unpack packed samples
Verify certificates (revocation status, validity, expiration)
Scan with YARA rules
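The following is an added example, not the tool's own code, showing how two of the listed features are computed: per-section SHA-256 and Shannon entropy with a packed/encrypted heuristic (entropy at or above 7.0 bits per byte), and the imphash of an import table following the Mandiant/pefile definition (lowercase `dll.function` pairs in import order, DLL extension stripped, ordinals resolved through a lookup table or written as `ordNNN`, joined with commas and MD5-hashed). The section bytes and import list are constructed sample data rather than a real binary, and the ws2_32 ordinal table is a small excerpt assumed for illustration; a real implementation needs the complete tables.

```python
"""Section entropy, section hashes and imphash on constructed PE-like data."""
import hashlib
import math
from collections import Counter

# Assumption: a partial excerpt of the ws2_32.dll export ordinals used by
# imphash implementations; a full tool carries the complete ws2_32/oleaut32 tables.
WS2_32_ORDINALS = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
                   23: "socket", 115: "WSAStartup", 116: "WSACleanup"}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_report(sections, threshold=7.0):
    """Per-section size, SHA-256, entropy, and a flag for likely packed/encrypted content."""
    report = []
    for name, data in sections:
        ent = shannon_entropy(data)
        report.append({
            "name": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "entropy": round(ent, 3),
            "suspicious": ent >= threshold,
        })
    return report


def _strip_dll_extension(dll: str) -> str:
    """Lowercase the library name and drop a trailing .dll/.ocx/.sys, as imphash does."""
    lib = dll.lower()
    parts = lib.split(".")
    if len(parts) > 1 and parts[-1] in ("dll", "ocx", "sys"):
        lib = ".".join(parts[:-1])
    return lib


def imphash_string(imports) -> str:
    """Build the comma-joined 'dll.func' string that imphash hashes.

    imports: list of (dll_name, [function_name_or_ordinal, ...]) in import-table order.
    """
    parts = []
    for dll, funcs in imports:
        lib = _strip_dll_extension(dll)
        for func in funcs:
            if isinstance(func, int):
                name = ORDINAL_TABLES.get(lib, {}).get(func, f"ord{func}")
            else:
                name = func
            parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the imphash string, as a 32-character lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample data (not from a real file): a prologue-like code section,
# a string section, and a section whose bytes are uniformly distributed, which is
# how a packed or encrypted payload section typically looks.
SAMPLE_SECTIONS = [
    (".text", b"\x55\x8b\xec\x83\xec\x10" * 200),
    (".rdata", b"This program cannot be run in DOS mode.\r\n" * 20),
    ("UPX1", bytes(range(256)) * 8),
]
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetProcAddress", "LoadLibraryA", "VirtualAlloc"]),
    ("WS2_32.dll", [23, 115, 999]),   # 999 has no known name and becomes ord999
]

if __name__ == "__main__":
    for row in section_report(SAMPLE_SECTIONS):
        print(row)
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

The entropy threshold is a heuristic: compressed resources and legitimately encrypted data also score near 8.0, so a flagged section is a lead for the unpacking step, not proof of malice. Imphash is only comparable across samples when the import table is resolved the same way, which is why the ordinal tables and the extension-stripping rule must match the reference implementation exactly.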